chrony System clock synchronization client and server

4.0 net =2 4.0Version of this port present on the latest quarterly branch.

Maintainer: mandree@FreeBSD.org

Port Added: 2014-04-08 17:07:07

Last Update: 2021-01-19 20:24:46

SVN Revision: 562078

People watching this port, also watch: openjdk8, netdata, coreutils

License: GPLv2

Description:

chrony is a pair of programs which are used to maintain the accuracy of the system clock on a computer; the two programs are called chronyd and chronyc. chronyd is a daemon which runs in background on the system. It obtains measurements via the network of the system clock's offset relative to time servers on other systems and adjusts the system time accordingly. For isolated systems, the user can periodically enter the correct time by hand (using chronyc). In either case, chronyd determines the rate at which the computer gains or loses time, and compensates for this. chronyd implements the NTP protocol and can act as either a client or a server. chronyc provides a user interface to chronyd for monitoring its performance and configuring various settings. It can do so while running on the same computer as the chronyd instance it is controlling or a different computer. WWW: http://chrony.tuxfamily.org/

SVNWeb : Homepage

pkg-plist: as obtained via: make generate-plist

Expand this list (18 items)

Collapse this list.

1. /usr/local/share/licenses/chrony-4.0/catalog.mk
2. /usr/local/share/licenses/chrony-4.0/LICENSE
3. /usr/local/share/licenses/chrony-4.0/GPLv2
4. bin/chronyc
5. @sample etc/chrony.conf.sample
6. man/man1/chronyc.1.gz
7. man/man5/chrony.conf.5.gz
8. man/man8/chronyd.8.gz
9. sbin/chronyd
10. @dir(chronyd,chronyd) /var/db/chrony
11. @comment share/doc/chrony/chrony.conf.html
12. @comment share/doc/chrony/chronyc.html
13. @comment share/doc/chrony/chronyd.html
14. @comment share/doc/chrony/faq.html
15. @comment share/doc/chrony/installation.html
16. @owner
17. @group
18. @mode

Collapse this list.

• chrony>0:net/chrony

Conflicts:

CONFLICTS_INSTALL:

• chrony-lite

Conflicts Matches:

There are no Conflicts Matches for this port. This is usually an error.

To install the port: cd /usr/ports/net/chrony/ && make install clean

To add the package: pkg install chrony

PKGNAME: chrony

Flavors: there is no flavor information for this port.

distinfo:

TIMESTAMP = 1602089678 SHA256 (chrony-4.0.tar.gz) = be27ea14c55e7a4434b2fa51d53018c7051c42fa6a3198c9aa6a1658bae0c625 SIZE (chrony-4.0.tar.gz) = 546939

Slave ports

1. net/chrony-lite

Dependencies

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

1. gmake>=4.3 : devel/gmake
2. pkgconf>=1.3.0_1 : devel/pkgconf

Library dependencies:

1. libnettle.so : security/nettle
2. libgnutls.so : security/gnutls
3. libedit.so.0 : devel/libedit

There are no ports dependent upon this port

Configuration Options

===> The following configuration options are available for chrony-4.0: DOCS=on: Build and/or install documentation EXAMPLES=on: Build and/or install examples HTMLDOCS=off: Build HTML docs (IMPLIES DOCS, needs ruby, asciidoctor) NTS=on: Support Network Time Security (NTS, uses GnuTLS & Nettle) USER=on: Run as user/group chronyd (unset: user/group ntpd) ====> Support for secure hash functions NETTLE=on: Nettle crypto library support for secure hash and NTS NSS=off: NSS-based support for more hashing algorithms ===> Use 'make config' to modify these settings

USES:

cpe gmake libedit pkgconfig

Master Sites:

Expand this list (5 items)

Collapse this list.
1. http://distcache.FreeBSD.org/local-distfiles/mandree/
2. http://distcache.eu.FreeBSD.org/local-distfiles/mandree/
3. http://distcache.us-east.FreeBSD.org/local-distfiles/mandree/
4. http://distcache.us-west.FreeBSD.org/local-distfiles/mandree/
5. https://download.tuxfamily.org/chrony/
Collapse this list.

net/chrony: Preparations for a new slave port

PR:		252584
Submitted by:	myself
Approved by:	mandree@

net/chrony: update to 4.0 release

Changelog: https://git.tuxfamily.org/chrony/chrony.git/tree/NEWS?id=4.0#n1

Update options (unfortunately the crypto stuff is a bit contorted
with NSS <-> Nettle incompatibilities and NTS requiring GnuTLS and Nettle).

net/chrony: security update to 3.5.1

This upstream update essentially contains one Git commit:
https://git.tuxfamily.org/chrony/chrony.git/commit/?h=3.5-stable&id=f00fed20092b6a42283f29c6ee1f58244d74b545

It is to fix a symlink vulnerability when writing the pidfile.

Changelog:
https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html

MFH:		2020Q2 (blanket: upstream has one specific git commit between 3.5 and
3.5.1)
Security:	CVE-2020-14367
Security:	719f06af-e45e-11ea-95a1-c3b8167b8026

Bump PORTREVISION for security/nettle shlib change

net/chrony: option to use system ntpd user/group

USER_DESC was reworded to make purpose clearer.

While here, shuffle things a bit to appease portclippy.

PR:		246293
Submitted by:	olivier@

net/chrony: fix regression, remove pidfile= from rc.d script

chrony handles its own pidfile, and still our status method works,
so avoid missing chrony's own lock management.

PR:		245399
Reported by:	Peter Putzer

net/chrony: take maintainership, repeated timeouts from yonas@fizk.net

net/chrony: make NETTLE build robust, improve rc script, re-enable NSS

Changes by Colin T.:
* Always require pkgconfig instead of only requiring it for NSS,
  because otherwise chrony does not link reliably to nettle. [1]
* Add pidfile to rc.d script to stop it from complaining when
  stopping chronyd. [1]
* Document chronyd_* options in rc.d script. [1]

Changes by Matthias Andree:
* Move USES line up to please portlint.
* Add HTMLDOCS option, to build and install HTML docs. IMPLIES DOCS.
  Needs textproc/asciidoctor (rubygem) as build requisite.
* Turn CRYPTLIB into a _RADIO to choose at most one from NSS + NETTLE.
* Under WITH_DEBUG, add --enable-debug to CONFIGURE_ARGS.
* Remove @ (silent) from Makefile commands.
* Remove NSS_BROKEN, chrony 3.5 appears to work with NSS. Updates [3].

PR:		244534 [1]
PR:		242510 [2]
PR:		223840 [3]
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com> [1]
Reported by:	Matt Smith <freebsd@xtaz.uk> [2]
Approved by:	maintainer timeout (yonas@fizk.net, 36 days)

Drop the ipv6 virtual category for n* category as it is not relevant anymore

net/chrony: Update to 3.5

PR:		239596
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com>
Approved by:	maintainer timeout (yonas@fizk.net, >1 month)

Update security/nettle to 3.5.1

- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]

Changes:	https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR:		238991
Exp-run by:	antoine
Thanks to:	tobik [1]

net/chrony: Fix chrony running as server and using bindaddress

On FreeBSD, sendmsg() fails when IP_SENDSRCADDR specifies a source
address on a socket that is bound to the address. This prevents a server
configured with the bindaddress directive from responding to clients.

Add a new variable to check whether the server IPv4 socket is not bound
before setting the source address.

PR:		233644
Submitted by:	Colin T <bugzilla@nulldir.e4ward.com>
Reported by:	ddrinnon@cdor.net
Approved by:	maintainer timeout (> 3 weeks)
Obtained
from:	https://git.tuxfamily.org/chrony/chrony.git/commit/?id=6af39d63aa9323b4b8c39efe24ae0c88c949a901

net/chrony: Update to 3.4

PR:		232823
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com>
Approved by:	maintainer timeout (yonas@fizk.net, >3 weeks)

Remove redundant DOCS, NLS, EXAMPLES, and IPV6 from OPTIONS_DEFAULT as they
are put there by the framework (see line 200 of Mk/bsd.options.mk), except
for `finance/quantlib' which makes very unorthodoxal usage of port options.

net/chrony: Update to 3.3

- Add explicit DOCS, EXAMPLES options
- Replace %%PREFIX%% in sample files
- Make sure chronyc is really linked with libedit from ports
- Add support for security/nettle and use it by default since chrony crashes
  on startup when built with NSS. [1]

PR:		227779, 223840 [1]
Submitted by:	takefu@airport.fm
Approved by:	maintainer

Add missing lib dependency in the original patch
Bump PORTREVISION

PR:		217691
Submitted by:	John Hein  <z7dr6ut7gs@snkmail.com>
Approved by:	Yonas Yanfa <yonas@fizk.net>

Makes the NSS dependency explicit, and perform cleanup
Bump PORTREVISION

Before this patch if nss is installed when crony is built, there's a silent lib
dependency on nss, and if nss is subsequently uninstalled chrony breaks.

NSS is now turned on by default adding support for a number of more modern
hashing algorithms than md5.

Cleanup:
 - --infodir is not a valid configure option (since 2.3 I think)
 - USES=localbase instead of LDFLAGS
 - add explicit --without-tomcrypt [1]
 - add support for passing chronyd_flags to chronyd in rc.d script
 - fix some hard-coded /usr/local in examples

PR:		217691
Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
Approved by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

net/chrony: Remove dubious security warnings in pkg-message

PR:		223647
MFH:		2017Q4

- Update to 3.1

PR:		217573
Submitted by:	yonas@fizk.net(maintainer)

Update net/chrony: enable privilege separation and other minor changes.

- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group

PR:		216737
Submitted by:	maintainer
Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D9570

Mark various ports broken on aarch64 and armv6.

Approved by:	portmgr (tier-2 blanket)

- Update to 3.0
- While here, add LICENSE_FILE and remove unneeded @dir

PR:		216184
Submitted by:	yonas@fizk.net (maintainer)

Do not use post-stage.  Use post-install instead.

The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.

PR:		214780
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight

net/chrony: update 2.4 -> 2.4.1

PR:		214749
Submitted by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

net/chrony: 2.3 -> 2.4

Changes:
  http://chrony.tuxfamily.org/news.html

PR:		210190
Submitted by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

- Remove ONLY_FOR_ARCHS restriction as chronyd(8) runs fine on PowerPC now
- Remove no-op OPTIONS_DEFAULT=IPV6, which was bogusly re-added in r416385
  by pi@ after it was previously removed by amdmi3@ in r416447
- Sanitize `post-stage' target recipe (still needs more work to decouple
  extra docs and examples properly and add them to OPTIONS_DEFINE)

Tested on:	Mac mini G4 (powerpc)

net/chrony: 2.2 -> 2.3

- submitter becomes maintainer after repeated maintainer timeouts

Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
- Resolve names in separate process when seccomp filter is enabled
- Replace old records in client log when memory limit is reached
- Don't reveal local time and synchronisation state in client packets

Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed

Approved by:	portmgr blanket

Update to upstream version 2.2; general cleanup

Detailed log by submitter:
- Update net/chrony to latest upstream version - 2.2
- install info
- point to /var/db instead of /var/lib (per hier(7))
- use doc/install-docs target; install more docs (PORTDOCS)
- use @sample to a sample .conf file (not for .keys which will require
  manual intervention); others in examples dir (use PORTEXAMPLES)
- rm old post-install target
- fix example files for freebsd/prefix paths & ntp server names, add
  info regarding how to do log rotation if logging turned on.

PR:		204817
Submitted by:	z7dr6ut7gs@snkmail.com
Approved by:	maintainer timeout

net/chrony: prefix fix, remove setuid-root mode

PR:		204018
Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
Reviewed by:	koobs
Approved by:	masaki@club.kyutech.ac.jp (maintainer timeout)

net/chrony: 1.31 -> 1.31.1

- Update to 1.31.1 to resolve CVE-2015-1799, CVE-2015-1821, and CVE-2015-1822
- Regenerate patches with `make makepatch` to quiet portlint
- Strip binaries

PR:		199508
Submitted by:	Jason Unovitch <jason.unovitch@gmail.com>
Approved by:	masaki@club.kyutech.ac.jp (maintainer timeout)

net/chrony: add CPE info

PR:		199513
Submitted by:	jbeich
Approved by:	portmgr blanket

- Update to 1.31 [1]

While here:

- Add makeinfo and readline uses
- Fix plist orphans

PR:		194079 [1]
Submitted by:	Kevin Thompson <antiduh at csh.rit.edu>
Approved by:	maintainer timeout

Some minor, non-functional wording and grammar nits.

Add a port of system clock synchronization client and server (chrony).

WWW: http://chrony.tuxfamily.org/

PR:	ports/174263

9 vulnerabilities affecting 70 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2021-01-26 20:33:26